Vulnerability & Exploit Database

Java RMIConnectionImpl Deserialization Privilege Escalation

This module exploits a vulnerability in the Java Runtime Environment
that allows to deserialize a MarshalledObject containing a custom
classloader under a privileged context. The vulnerability affects
version 6 prior to update 19 and version 5 prior to update 23.